Brightmark Logo
BRIGHTMARK
Security Center

SECURITY_ARCHITECTURE

Enterprise-grade security standards, transparent data practices, and compliance-ready infrastructure.

COMPLIANCE_FRAMEWORK

Built on Canadian regulatory standards.

Compliant

PIPEDA

Full compliance with the Personal Information Protection and Electronic Documents Act.

Strict Adherence

CASL

Strict adherence to Canada's Anti-Spam Legislation for all digital communications.

Secured Processor

PCI DSS

Payment processing secured via PCI Service Provider Level 1 certified partners.

Aligned

CRTC

Inbound operations aligned with Unsolicited Telecommunications Rules.

DEFENSE_LAYERS

Comprehensive security measures.

Data Encryption

  • Data encrypted in transit (TLS 1.3)
  • Data encrypted at rest
  • Secure key management
  • Hashed credential storage
  • Automated SSL certificate rotation

Access Control

  • Google OAuth 2.0 Integration
  • Role-Based Access Control (RBAC)
  • Strict Admin Whitelisting
  • Session Management & Timeouts
  • Audit Logging

Infrastructure

  • Secure Cloud Infrastructure
  • Cloud-Native Architecture
  • High Availability Deployment
  • Daily Automated Backups
  • Isolated Environment Containers

Compliance

  • Explicit Consent Management
  • Unsubscribe Mechanisms (CASL)
  • Data Access Requests (PIPEDA)
  • Privacy Breach Reporting
  • Transparent Data Policies

DATA_PROTOCOLS

Transparent handling practices.

Protocol_01

Data Collection

We only collect data necessary for providing our services, with explicit consent and transparent data usage policies.

Protocol_02

Data Storage

Customer data is encrypted at rest and in transit, with secure backup procedures and retention policies.

Protocol_03

Data Processing

All data processing complies with applicable privacy laws, with data minimization and purpose limitation principles.

Protocol_04

Data Sharing

We never sell customer data. Limited sharing only occurs with explicit consent or legal requirements.

Protocol_05

Data Deletion

Customers can request data deletion at any time, with secure wiping procedures for complete data removal.

INCIDENT_RESPONSE

  • > 24/7 security monitoring
  • > Pre-defined response procedures
  • > Automated breach detection
  • > Prompt regulatory notification
  • > Transparent customer communication

DATA_SOVEREIGNTY

  • > Multi-region storage support
  • > PIPEDA-aligned data practices
  • > Configurable data retention
  • > Secure cross-border transfers
  • > Sovereignty compliance options

HAVE_SECURITY_QUESTIONS?

Contact our team to discuss our security architecture, request a whitepaper, or review our data practices.

Contact Security Team